Authenticated Command Injection Vulnerability in AOS-CX Command Line Interface
CVE-2023-3718
8.8HIGH
Summary
An authenticated command injection vulnerability in the AOS-CX command line interface enables attackers to execute arbitrary commands with privileged access on the operating system of the affected network switches. Exploiting this vulnerability could lead to full compromise of the device, impacting its security and integrity. Users of AOS-CX are advised to apply the latest security patches to mitigate this risk effectively.
Affected Version(s)
Aruba CX Switches AOS-CX AOS-CX 10.11.xxxx: 10.11.1010 and below
Aruba CX Switches AOS-CX AOS-CX 10.10.xxxx: 10.10.1050 and below
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Nick Starke of Aruba Threat Labs